IBM Security Randori Recon sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: The sample message is displayed wrapped across several lines because of page formatting, but the event itself is a single line of JSON. Before you use the sample, paste it into a text editor and remove any carriage return or line feed characters so that it is one continuous line; otherwise the message might not be parsed correctly.

IBM Security Randori Recon sample message when you use the IBM Security Randori REST API protocol

The following sample event message shows a target alert that Randori Recon generates after a customer successfully enrolls. In this example, the target is a Telnet service (TCP port 23) detected on 10.0.0.1 with a public perspective, and it maps to the Randori Target - Low Priority event in QRadar. Note that the IP address and identifiers in the sample are illustrative placeholders (a private address and abbreviated UUIDs); the values in your own events reflect your organization's attack surface.

{"affiliation_state":"None","applicability":4,"attack_note":"","authority":false,"authority_distance":2,"authority_override":false,"authorization_state":"None","banners_uuid":"0e26bfc","cert_uuid":null,"characteristics_count":0,"confidence":60,"cpe":{"cpe_version":null,"edition":null,"language":null,"other":null,"part":null,"product":null,"str":"","sw_edition":null,"target_hw":null,"target_sw":null,"update":null,"vendor":null,"version":null},"criticality":2,"deleted":false,"description":"connection.","detection_criteria":{"ip":{"address":"10.0.0.1","version":4},"tcp":{"port":23}},"detection_relevance":1020,"enumerability":1,"exploitability":0,"first_seen":"2022-07-07T01:03:59.245455+00:00","headers_uuid":null,"hostname":null,"hostname_id":null,"id":"fde87907","impact_score":"None","ip":"10.0.0.1","ip_id":"fa7e4","ip_str":"10.0.0.1","last_seen":"2022-08-14T03:39:44.607092+00:00","lens_id":"08638","lens_view":"public","name":"Telnet","org_id":"e08411e","path":null,"perspective":"0000-0000-000000000000","perspective_name":"PUBLIC","poc_email":null,"poc_id":null,"port":23,"post_exploit":3,"priority_impact_factor":0.0,"priority_score":200.1,"priority_status_factor":0.0,"priority_tags_factor":0.0,"private_weakness":0,"protocol":"tcp","public_weakness":0,"randori_notes":"","reference":"","research":2,"screenshot_uuid":"48f8832c","service_id":"0e19f","status":"None","tags":{"Amazon":{"content":"Amazon","display":true,"entity_id":"4bf907","org_id":"923af11e","time_added":"2022-07-08T15:00:34.855899+00:00"}},"target_confidence":60,"target_first_seen":"2022-07-07T01:21:23.277675+00:00","target_id":"4b907","target_last_seen":"2022-08-14T03:50:44.731212+00:00","target_num_detections":1,"target_temptation":10,"tech_category":null,"temptation_last_modified":"2022-07-07T01:03:59.245455+00:00","thumbnail_uuid":"45d86","vendor":"Generic","version":""}
Table 1. Highlighted fields in the Randori Recon event
QRadar field name Highlighted payload field name
Event ID Randori Target - Low Priority
Source IP ip
Port port